Sep 09, 2022 - 8:15 p.m.

CVE-2022-36110

2022-09-09 20:15:11
CWE-285
CWE-1220
GitHub_M
web.nvd.nist.gov
netmaker
wireguard
cve-2022-36110
security
authorization
api
patch

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.5
Confidence: High

EPSS: 0.001
Percentile: 42.8%

Netmaker makes networks with WireGuard. Prior to version 0.15.1, improper authorization functions allow non-privileged users to run privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, those users can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1.

Affected configurations

Nvd
Vulners
Node: gravitl netmaker, Range: <0.15.1

Vendor   Product   Version  CPE
gravitl  netmaker  *        cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "netmaker",
    "vendor": "gravitl",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.15.1"
      }
    ]
  }
]
